diff options
| author | Robin Krahl <guskraro@student.gu.se> | 2017-09-25 20:55:08 +0000 |
|---|---|---|
| committer | Robin Krahl <guskraro@student.gu.se> | 2017-09-25 20:58:16 +0000 |
| commit | 7c55cebd914ac059b9c91a897cb00011b689eb57 (patch) | |
| tree | 9c84a17bff5328d298add5abffd3e65d87297dd6 /bro-script/README | |
| parent | 478b8df6262d405015bf2ea7ca28ef06d2df3e5e (diff) | |
| download | midbro-7c55cebd914ac059b9c91a897cb00011b689eb57.tar.gz midbro-7c55cebd914ac059b9c91a897cb00011b689eb57.tar.bz2 | |
bro-script: Add simple baseline implementation
This implementation only logs the (combined) request and response events
that occur within the same connection. This assumes that a response is
always send over the same connection as a request. It is unclear
whether this assumption really holds.
This implementation does not yet contain error handling, so if there was
no response for a request, Bro displays an error message.
It also does not contain an interpretation of the values, so if multiple
values are read within one request, they are displayed in the same log
entry.
Diffstat (limited to 'bro-script/README')
| -rw-r--r-- | bro-script/README | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/bro-script/README b/bro-script/README index abfe1ad..03d9158 100644 --- a/bro-script/README +++ b/bro-script/README @@ -1,4 +1,8 @@ This directory contains a baseline implementation of the package parser implemented as a Bro script. A .bro file contains a script that can be executed on a Modbus pcap dump. A .log file contains an example for an -output file generated by this script. +output file generated by this script. By convention, the sample log file +should contain the first 100 lines of a real log file. + +Currently, the scripts only handle the read_holding_registers event. Other +events can handled by simply copying and adapting the existing handlers. |